Posted
by
timothy
on Saturday December 01, 2012 @12:39PM
from the but-they-said-to-download dept.

WebMink writes "GitHub is a great open source hosting site, right? Wrong. There's no requirement that projects on GitHub provide any copyright license, let alone an open source one, so roughly half the projects on GitHub are "all rights reserved" — meaning you could well be violating copyright if you make any use of the code in them. And GitHub management seem just fine with this state of affairs, saying picking a license is too hard for ordinary developers. But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

And it's probably one of the first places that comes to mind, shows up on a cursory search, or is suggested by someone in passing. Given that the site maintainers are fine with the state of things, the issue would seem to lie with the assumption that all code there is OSS licensed, rather than its use as a catch-all repository.

If it's not free for use for non-commercial use, then it shouldn't have been put up there without at least password protection, preferably encrypted as well. Basically, it's "in the cloud", so it's mine to use. Before anyone attempts to use code on github for derivative works or anything, then they really need to check the licensing. But for personal use? Phhhttt - screw the "rights holders"!!!

In sensible jurisdictions, the act of running a program is not a copyright event, since it does not involve distribution. When you download, compile, and execute something from Github, the only copyright event is Github distributing the source file. The rest is not of concern to copyright law.

Alas, when copyright was conceived, copying and distribution were practically one and the same, so "right to distribute" was unfortunately misnamed "copyright". Many jurisdictions later looked at computers and misunderstood any bit duplication to be a copyright event. Denmark is one of the most extreme cases, where every (ISP or otherwise) router is subject to copyright law whenever it moves copyrighted bits around. That level of absurdity is fortunately fairly rare.

That's a false comparison; those mp3s weren't uploaded by the artist themselves. If a musician uploads a track today with a free download, and provides the link without any password protection or encryption so anyone can link to and download it willy nilly, then yes, it's free and you can run it on your computer and listen to it.

I think they should put a warning up for people, that by downloading and compiling the code you could be in violation of the law,

By analogy, this would be like the artist putting up a track for download and saying it's illegal to listen to.

It's not an unreasonable assumption that something available for download is less than fully encumbered.

It's incredibly unreasonable. If I put a TV in my shop window, you may be able to watch it, but that doesn't mean you have permission to change the channel, or take it home with you. Likewise, if somebody puts code on the Internet, then you can read it. The way the law works in the majority of the world, if you don't have an explicit grant of permission to copy something, or a specific reason to think

this. i've only used github for my personal projects. not everyone cares about contributing to open source projects, or making their code available to others. and there's nothing wrong with that. not everyone should be expected to share their work.

This has been my approach to homework (which is mostly.tex and.py).
For all I care, I don't mind if someone forks my homework or does anything with it. Though I wouldn't mind them merging their changes back:)

I only use GitHub for code I have written under non-commercial licenses. Mostly Linux ports of former commercial games. SourceForge won't host them. Icculus is a bit of a pain to convince to host your code. GitHub is one of the few choices available gratis.

If memory serves, the original post I linked was written by Scott Chacon [scottchacon.com], and was served on GitHub proper/blog for some time. The link I gave appears to be the last remaining mirror that Google finds.

Every question, answer, and comment on the StackExchange websites (StackOverflow, ServerFault, et. al.) is automatically licensed on something very akin to the GPL (the Creative Commons Share Alike License); if you use code from those sites, your entire application's source will legally have to be released.

In order to have copyright you must first create a work. Most of the code examples that people post on those sites are so short and trivial that I doubt that very many of them (as published in isolation) would qualify as works in most jurisdictions. Even if you have a code example that is complex enough to qualify as a work you could still probably copy-paste a few lines from that work without breaching the copyright, especially if those lines are trivial or obvious or constitute best practice in the language.

Since the original author is essentially publishing the code it would seem that an individual downloader would have the right to use the code on a personal basis. This individual would merely not be allowed to redistribute or otherwise share the code.

Of course if the individual wants to share the work with someone else they merely have to refer that person to the original author's github repository.

So if someone creates a useful a utility program, decides to license it in a non-FOSS manner, the author

Is only a problem in places where computer algorithms can be patented. and beside, anyone just grabbing code and pasting direct onto a product without audit or modification is asking for a nice backdoor.

The GP must have looked at the origins of Germanic copyright legislation and decided that it both sounds sane and could be a good idea overall (except for the duration perhaps). Alas, like "Intellectual Property" in every other place, the scope gets larger and the results more similar to the rest of the world.

The original US copyright law also sounds like a sane and workable system, even though it was diff

Actually, "Urheberrecht" is due to an EU directive, which mandated the whole thing throughout the EU a bit over a decade ago. It applies to the whole EU today.

Also, if memory serves, it was pushed forward by the -- at the time French -- EC commissioner in charge of property rights (though I'd need to double check that, so take the latter point with a grain of salt), on grounds that (this much I'm sure of) a workers' writing/coding/music/movie shouldn't ever belong to his editor or publisher, but to the auth

This certainly isn't a new problem. If you work for a corporation, you aren't going to use code without a clear license. At least, I hope you aren't. If you need clarification about a license, you can often just contact the author. Just because the website is called "Github" doesn't mean you should treat the code any differently than code you find laying around anywhere else.

You won't be able to use this competitive advantage if your company has lawyers on staff. A small startup will use the advantage because they don't have a lawyer who can forget to explain estoppel to them.

Exactly - this is nothing new. You could be cutting and pasting from anywhere on the web and the exact same hazard exists. You should not be cutting and pasting without knowing the license, from Github or anywhere else.

To "old" hands like me, GitHub is one of the last places reminiscent of the great liberties we had up to the end of the '90s. So what do we care ? Take code from GitHub, copy/paste, re-implement ideas you find there, possibly implemented badly.... C'mon, who gives a damn about copyright on GitHub ????

But if you're not going to give anyone permission to use your code, why post it on GitHub in the first place?"

Lets say I stumble across a fantastic utility, and the source is open for me to view. I'll dive through the code and make sure I'm comfortable with its functionality (i.e. it's not doing anything I don't want it to do) before grabbing the tool.

I'm not using the code for my own projects. I'm just vetting the code. Plenty of developers throw code for small utilities up for exactly this reason, and the vast majority of the world is totally cool with it.

4. Get annoyed that a court finds the existence of an implied licence, or, in some nuanced cases, that the action is prevented under the principle of non-derogation from grant. Assuming the defendant can afford to argue.

4. Get annoyed that a court finds the existence of an implied licence, or, in some nuanced cases, that the action is prevented under the principle of non-derogation from grant. Assuming the defendant can afford to argue

Please. Come back to reality.

When in the recent past have you seen a court rule on copyright with common sense?

When in the recent past have you seen a court rule on copyright with common sense?

I'm not sure that Usedsoft [europa.eu] applied common sense, but rather some convoluted reasoning, but the outcome seems sensible enough. Picking on rulings relevant here, I think the US court's decision in Wallace v. IBM [uscourts.gov] was common sense, as was the finding of the German court in Welte v. Skype [gnumonks.org].

Perhaps look also at Griggs v. Evans [bailii.org] — a pragmatic decision on the facts, to my mind.

Sure, there are some odd judgments, but there are some sensible, practical judges out there too.

My pleasure. If you do read the Usedsoft decision, there's a good chance you'll find it pretty impenetrable, unless you are familiar with the computer programs directive — I prepared some slides [neilzone.co.uk] for a friend's talk on Usedsoft a couple of weeks back, which you might find helpful alongside the decision. (Listed as (c) to me (ironic, given the thread here) but, as far as I'm concerned, treat as CC0 [creativecommons.org].)

The author seems to confuse open source with copyleft. Open source is not a legal thing. And a ban on redistribution of derivative works doesn't mean that it's useless. Knowing the source code of a piece of software is important if you want to use it for any security-sensitive work or if you want to implement some modifications of your own (which you don't intend to distribute). It's not unheard of even that a developer company only gives the source code to their paying costumers.

Open Source, as defined by the Open Source Initiative, is most definitively a legal thing.

a ban on redistribution of derivative works doesn't mean that it's useless. Knowing the source code of a piece of software is important if you want to use it for any security-sensitive work or if you want to implement some modifications of your own (which you don't intend to distribute). It's not unheard of even that a developer company only gives the source code to their paying costumers.

This is why the author says it's dangerous.

Unlicensed code ("All rights reserved") is not a ban on redistribution. It's a ban on any copying, including forking the code to your machine. You most definitively can't modify the code, even if you don't intend to distribute it.

... or if you want to implement some modifications of your own (which you don't intend to distribute)

IANAL, but I have been led to believe that code that is all rights reserved cannot be modified without consent of the author, unless it falls under the fair use exemption of copyright.

The fact that your modifications could reduce the profitability of the copyright owners derivative works lead me to suspect that the courts would generally find that your changes are a copyright violation, even if they are no

Whether you are working on proprietary code or open source code, you can't just paste code from the net into your project without a license, regardless of whether it's GPL, BSD, or some royalty-free use grant. Unless the code has an explicit license, or states explicitly that it is in the public domain, you simply cannot use it without express permission from the copyright holder, because no law grants you that right. Plain and simple. So if code in a git repo is "all rights reserved," the you can look, and even download it, but you cannot put it into your own code. So I don't see what the problem is here. License always matters, whether you're a FLOSS person or developing commercial software.

So of course half of all git repos are unsafe to use. Why does this warrant some big sensationalist article? Kind of along the lines of articles claiming the GPL is a threat to proprietary software companies because it will "infect" them somehow magically. Folks, a little bit of understanding of copyright law will go a long ways I think. Open source, even copyleft, depends on copyright to keep it as such. We should all have a basic understanding of it.

You can take any code which you find and put it into your project, or even combine bits of code with incompatible licenses. What you can't do is distribute the result. Distribution is where copyright law kicks in.

You can take any code which you find and put it into your project, or even combine bits of code with incompatible licenses.

Distribution might be where GNU GPL 2.0 kicks in, but copyright certainly kicks in to prevent you from just taking code and putting it into your own project, at least in Europe — the restriction on "copying," for example. (You might have a defence of fair use in the US, but that's an affirmative defense, not an absence of copyright.)

Whether anyone would find out, or consider it worth suing for, is perhaps another matter, but copyright is not just limited to distribution.

It is true that the law grants the copyright owner the right to restrict the creation of copies, but It can be reasonably argued that by posting the code on GitHub you've implicitly given consent to the mere creation of a copy (as would automatically happen if you view the code or download it). For most practical purposes, the limitation on distribution is what matters.

Now if the program is all rights reserved, and your modified version that you distribute mocks the original author, you could claim the parody exception for copyright. (Would you be successful? I don't know about that question, ask an attorney.)

Github is a great place to store your repository. It is ALSO a great place to share code with people you want to work with who may or may not be really conversant with git.
Github doesn't claim to provide a repository for open source software...just a place to store repositories which you (as an author) may or may not choose to attach a license to. But that doesn't remove the responsibility of the copier to determine what the license on that software may be. If I copy anything, I need to know if I have the right (copy right) to do that. The onus is and always has been on the copier. That said, the copyright owner is the one who will follow up with violations.
Just because I choose to use github to store my repositories (and, in my case, I use and pay for private repositories for those things that I don't want to share) does not mean that I want everyone in the world to download and use my stuff. I'm an idiot if I am surprised when people DO use my stuff that I make publicly available, but without an explicit license allowing use of my code, it is protected in the US by copyright laws as soon as I write it...and IANAL.
Github is just a great service for those of us who don't want to set up our own repository. They are not a guarantor of free software, nor a nanny to protect me.

Agreed, although it does claim to be a platform for "social coding," and that it is [github.com] "the best place to share code with friends, co-workers, classmates, and complete strangers," having been founded "to simplify sharing code."

I am not reading the article as anything more than "if GitHub wants to promote sharing of code, make it easier for a developer to specify licensing terms" — and that seems imminently sensible to me.

Just because I choose to use github to store my repositories (and, in my case, I use and pay for private repositories for those things that I don't want to share) does not mean that I want everyone in the world to download and use my stuff.

Just so you know, in the terms-and-services you clicked on when you signed up for github, you actually gave permission to everyone in the world to download, view, and fork your stuff. So if that's not what you want, you might reconsider your use of github (Note: this only applies to the free public repositories).

Agreed and I understood that (which is why I have some private repositories). It's the fork part that is "interesting" from a copyright standpoint. What does that really mean, legally (I know what it means technically)? I guess that's why the lawyers continue to do what they do.

What does that really mean, legally (I know what it means technically)?

From a legal standpoint, of course it's a horribly unclear terms-of-service, so you are right when you say, "I guess that's why the lawyers continue to do what they do." However, I think the implicit meaning could be reasonably interpreted to mean, "if you put things here, you intend to share them."

In general it's easier to pursue a copyright claim if you've made an active attempt to assert it, for example, submitting your work to the Library of Congress. So if you haven't specified a license, or made an

Just so you know, in the terms-and-services you clicked on when you signed up for github, you actually gave permission to everyone in the world to download, view, and fork your stuff.

True. However the original copyright remains intact. Maybe you could add your copyright to code that you add. The original author doesn't seem to lose anything by forking. Well other than individuals may download and privately use, but not redistribute, the forked version rather than the original version.

Well other than individuals may download and privately use, but not redistribute, the forked version rather than the original version.

It is unlikely that any court will interpret the terms of service to mean that you can fork it, but not allow others to fork a forked version. It's unlikely that any court would stop redistribution.

Who said anything about not allowing the fork to be forked? By redistribution I mean something *other* than the source being available on github as part of the original author's hierarchy. Such *other* methods of distribution remain subject to the authors' wishes.

Yes, but if you don't specify that your wishes are contrary, you will have trouble winning a court case based on non-specified wishes.

I'm sorry but I'm not following. Your wishes being contrary do not change the original author's wishes. The original author's wishes move to the fork with his code. There could only be contrary wishes in the code that you contribute. People would be free to re-use source from you contributions if your allow but the original code remains off limits wrt re-use.

The author's wishes don't matter. All that matters is what can be enforced in court (remember copyright is an artificial construct, the only way it matters is when the government enforces is through the courts).

The goal for the author should be to make his wishes known in a way that the courts will be willing to enforce the copyright. There are ways to do this, for example, you can submit your work to the library of congress.

Now, if you don't even include a license in your repository, and just throw it

We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

If you use source code found on github, it's going to be hard for the author to win a copyright lawsuit. This is a non-issue. They've basically allowed you to fork the code (with the implication that you're going to modify it). I don't see them in any way being able to recover punitive or even statutory damages.

The real danger with github, as with all open source, is ensuring that the project's owner hasn't stolen proprietary code from somewhere else. Imagine if Linus had grabbed some files from Unix, then IBM would have been in a lot more difficulty during the SCO case. Fortunately the only things Linus copied were semicolons and braces.

But if you use someone's code through an open source project, you can be liable, even if you got the code under the GPL or BSD license, because the project's owner didn't have the right to give you that code.

It sounds like the original poster comes from that school of thought that expects every hosting service or ISP to defend property rights on behalf of the owners. That's not GitHub or Megaupload's job. The world would be different if the RIAA had sued Postel and Reynolds for writing RFC 959 (FTP) for not incorporating DRM.

We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.

If you use source code found on github, it's going to be hard for the author to win a copyright lawsuit. This is a non-issue. They've basically allowed you to fork the code (with the implication that you're going to modify it). I don't see them in any way being able to recover punitive or even statutory damages.

Forking doesn't remove copyright. All that seems to have been accomplished by forking is adding someone else's possibly copyrighted work to the original author's copyrighted work.

If you use source code found on github, it's going to be hard for the author to win a copyright lawsuit. This is a non-issue. They've basically allowed you to fork the code (with the implication that you're going to modify it). I don't see them in any way being able to recover punitive or even statutory damages.

So under what license do you have the code, if it doesn't have one? Are you're going to claim that this CYA sentence in the terms of service that GitHub have put there to avoid being sued for handing out "unlicensed" copies to people is the same as the author putting the code in the public domain? I think you'd get laughed out of court with that defense. For sure it protects GitHub distributing the code, it probably protects you cloning the repository but you for sure hasn't been granted any "exclusive righ

You've got it backwards. If you sue me for copyright infringement, you need to prove that I infringed, I don't need to prove that I didn't. So good luck proving that by forking and redistributing the code that you put on github, I've made unjust profits or caused you losses.

The public repository option for uploading makes no mention that you need to supply the code with a copyleft/copyright free license, just that the code is publicly listed and browsable. Why are people assuming that everyone is supposed to?

Are people confusing open source (publicly browsable source) from Open Source (the movement)?

Lots of so called open source projects either don't provide a license or provide conflicting license information. For example, we recently looked at a project where the web site says it's MIT, but the code says it's public domain.

And some that you would expect to be clueful are surprisingly not, or are at least very sloppy. I recently was studying an example in the Pyside code base. Pyside, a major project, from Qt, owned by Digia, formerly owned by Nokia. People you would expect to be clueful. I looked quite diligently for license information. I found in a directory some levels up from the code I was studying a one sentence "licensed under GPLv2". Okaaaaaay....., how about since each example is a stand-alone program in a stan

A lot of stuff on github is experimental, "quick and dirty" code. The amount of effort to, say, put GPL boilerplate in every file isn't large, but it isn't zero, either. So, *ask*. You send mail to me, volunteer to do this small job, I'll probably give you commit access to the repo.

I have a bunch of projects on github and I'm too lazy to license many of them. If anyone ever emailed me wanting to use them I'd throw up a BSD3 license. I bet a lot of projects on github are lazy or simply don't know how to license a project, but would be happy to give permission to use the code.

No, using GitHub is not dangerous. But reusing code from the Internet without investigating its licensing status is. Then again, the same goes for anything that you find online, and they teach kids at school these days what you can and can't re-use. Your ignorance will not protect you.

The phrase "All Rights Reserved" is a totally meaningless phrase. It used to be required to retain certain rights in central american countries. It was created by the Buenos Ares convention, and once everybody in central and south america adopted the Berne convention, the phrase no longer had any recognized legal meaning.

It has falsely been asserted that the phrase "All Rights Reserved" makes the Berkeley Copyright statement non-free. This is false because the copyright notices from the Berkeley Unix code base date to a time when the phrase had meaning.

Not unconditionally true.Open source licenses exists to prevent certain types of distribution (otherwise, just use public domain).For instance, some licenses will not allow you to change code and distribute it under the original name.Most open source licenses prevent you from removing the copyright notice from code you distribute.Many prevent you from removing author attribution from code distributions.

...especially when there is nothing in the code to indicate what the license is.

It's like a hotel mini-bar but with no indication or understanding that you actually have to pay for the overpriced booze and peanuts. This hotel is in a hippie commune where the usual rules don't apply. So it's not obvious that crass rules apply.

So you don't make the usual default assumption that everything has dire restrictions by default, that everything has a price, and that they will try to charge you for those booze and p

Frankly, worrying about licensing every piece of code you write is just a time-suck.

Not really, because there are a few ready-made pre packaged licenses to suit your taste.

Personally I like the GPL, so random small things I've released (quite a few) just had a stock LICENSE which is just a copy of the GPL. Took a good 10 seconds. I guess you could count that as a time suck, but I probably spent more time worrying about what to call the program.